This is currently doable via htaccess, but htaccess can be overwritten if perms are not correct.

It is also not controllable on a global level which is important for shared multi tenant server security. As we cannot monitor which directories the end user creates but we want to maintain a specific level of security for the system.